Modern computer systems place a high importance on maintaining data and application security. In a modern distributed and/or virtual computer system environment, where a plurality of users, services, applications, virtual machines, controlling domains and hosts may have access to a computer system, maintaining data and application security may be a difficult problem. In a distributed and/or virtual computer system environment, for example, where the computer system resources may be provided by a computing resource service provider, customers may also wish for additional security for sensitive or restricted data, protecting such data even from the computing resource service provider.
Encrypting data or applications may help ameliorate the security concerns, but users often desire additional assurances. For example, users may desire additional assurances that malicious applications are unable to temporarily obtain trusted status on a host machine, thereby gaining access to encryption keys and thus compromising encryption security. Similarly, a controlling domain or operating system may always have trusted status and may also read or write directly from computer system memory. Accordingly, users may desire assurances of the security of their data and applications operating within a computing resource service provider environment, event against discovery by the computing resource service provider. Similarly, computing resource service providers may wish to securely locate sensitive or proprietary data or applications within computer systems with assurances that such data or applications are not accessible by privileged customer users and applications on such computer systems.